[AKS] Fix --azure-keyvault-kms-key-vault-network-access parameter not being correctly applied during cluster creation and updates when PMK is enabled
#9359
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bingosummer
requested review from
FumingZhang and
andyliuliming
as code owners
️✔️Azure CLI Extensions Breaking Change Test
|
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
microsoft-github-policy-service
bot
requested review from
evelyn-ys,
jsntcy,
kairu-ms,
necusjz,
yanzhudd,
yonzhan and
zhoxing-ms
|
karataliu
approved these changes
Oct 30, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a bug where the --azure-keyvault-kms-key-vault-network-access parameter was not being correctly applied during Azure Key Vault KMS configuration for AKS clusters. The version is bumped from 19.0.0b8 to 19.0.0b9.
- Added the missing
key_vault_network_accessparameter to theAzureKeyVaultKmsmodel initialization in both create and update decorators - Added comprehensive test coverage for both create and update scenarios with Public and Private network access
- Updated integration tests to include the network access parameter
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/aks-preview/setup.py | Version bump from 19.0.0b8 to 19.0.0b9 |
| src/aks-preview/azext_aks_preview/managed_cluster_decorator.py | Added key_vault_network_access parameter to AzureKeyVaultKms initialization in set_up_kms_pmk_and_cmk and update_kms_pmk_cmk methods |
| src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py | Added unit tests for create/update scenarios with Public/Private network access |
| src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py | Updated integration tests to include network access parameter in test commands |
| src/aks-preview/HISTORY.rst | Added changelog entry for the bug fix |
src/aks-preview/HISTORY.rst
Outdated
| * `az aks machine update`: Add support for updating machine tags, node taints and node labels. | ||
| * Fix `az aks bastion` subshell defaulting to cmd on Windows when invoked from PowerShell by implementing grandparent process detection to identify the actual user shell. | ||
| * Fix `az aks bastion` subshell defaulting to cmd on Windows when invoked from PowerShell by implementing grandparent process detection to identify the actual user shell. | ||
| * `az aks update`: Fix `--azure-keyvault-kms-key-vault-network-access` parameter not being correctly applied during cluster creation and updates. |
There was a problem hiding this comment.
The changelog entry mentions 'az aks update' but the fix also applies to 'az aks create'. The entry should mention both commands for accuracy. Consider: 'az aks create and az aks update: Fix --azure-keyvault-kms-key-vault-network-access parameter not being correctly applied during cluster creation and updates.'
Suggested change
| * `az aks update`: Fix `--azure-keyvault-kms-key-vault-network-access` parameter not being correctly applied during cluster creation and updates. | |
| * `az aks create` and `az aks update`: Fix `--azure-keyvault-kms-key-vault-network-access` parameter not being correctly applied during cluster creation and updates. |
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
FumingZhang
reviewed
Oct 31, 2025
| update_cmd = ( | ||
| "aks update --resource-group={resource_group} --name={name} " | ||
| "--enable-azure-keyvault-kms --azure-keyvault-kms-key-id={key_id} " | ||
| "--azure-keyvault-kms-key-vault-network-access=Public " |
FumingZhang
previously approved these changes
Oct 31, 2025
|
Please fix CI issues |
bingosummer
force-pushed
the
binxi/aks-kms-fix-network-access
branch
from
c2968f9 to
1291854
Compare
github-actions
bot
added
the
release-version-block
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
…ot being correctly applied during cluster creation and updates when PMK is enabled
bingosummer
force-pushed
the
binxi/aks-kms-fix-network-access
branch
from
1291854 to
1a90eb6
Compare
github-actions
bot
removed
the
release-version-block
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
FumingZhang
approved these changes
Nov 4, 2025
yanzhudd
approved these changes
Nov 4, 2025
|
[Release] Update index.json for extension [ aks-preview-19.0.0b10 ] : https://dev.azure.com/msazure/One/_build/results?buildId=142554597&view=results |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.